[libvirt] [PATCH 0/6] NSS module for libvirt

Michal Privoznik mprivozn at redhat.com
Wed Feb 17 12:11:34 UTC 2016

On 17.02.2016 13:02, Daniel P. Berrange wrote:
> On Wed, Feb 17, 2016 at 12:59:58PM +0100, Michal Privoznik wrote:
>> On 16.02.2016 17:48, Guido Günther wrote:
>>> On Mon, Feb 15, 2016 at 05:38:37PM +0100, Michal Privoznik wrote:
>>>> Are you tired of remembering IP addresses for your domains?  Do
>>>> you have enough of configuring static IPs so that you can add
>>>> them to your hosts file? Then libvirt NSS module is exactly what
>>>> you need!
>>>> NSS does a lot in a Linux host. These patches aim at translating
>>>> domain names into IP addresses. All you need to do is install
>>>> libnss_libvirt.so.2 (e.g. via 'make install' run from source
>>>> dir), enable the module in nsswitch.conf:
>>>>     $ grep libvirt /etc/nsswitch.conf
>>>>     hosts:       files dns libvirt
>>>> and you're all set. Now you can just:
>>>>     $ ping $mydomain
>>>>     $ ssh user@$mydomain
>>>> or anything you'd like. The only limitation is that it has to be
>>>> libvirt who has assigned the domain IP address. The limitation
>>>> comes from implementation in which
>>>> '/var/lib/libvirt/dnsmasq/*.status' files are parsed when looking
>>>> up a hostname.
>>>> What's beautiful about this feature is that it helps any users
>>>> regardless of their systemd attitude. On systemd hosts there
>>>> already exists a similar module 'mymachines' which takes its data
>>>> from machined. And libvirt does communicate with machined when
>>>> creating a domain. But unfortunately at that time we know nothing
>>>> about guest's IPs and therefore do not tell them to machined,
>>>> which in turn can't tell anything to mymachines module. To make
>>>> things worse, machined seems to be lacking an API to tell it the
>>>> addresses later on when libvirt finds out. Therefore even systemd
>>>> distros will benefit from this feature.
>>> Nice. For a similar purpose I hacked up simplec a while ago:
>>>     https://github.com/agx/simplec
>>> it works by fetching domain IPs using our APIs and stores them in a file
>>> for a dnsmasq instance to read. This even allows collecting IPs from
>>> remote URIs.
>> Interesting. Esp. the remote URIs part. That's what I was wondering when
>> writing my module, whether I should actually open a libvirt connection
>> and use public API to retrieve IPs or parsing an internal file is just
>> enough. But I could not think of any useful use case where I'd need to
>> resolve remote IPs. I mean, either those IPs are in a private network so
>> they are useless, or they come from the same subnet as host ones and in
>> that case external DHCP server has assigned them and hopefully set DNS
>> records too. What's your use case?
> IMHO opening a libvirt connection would be a pretty bad idea - this
> code runs in pretty much any process on the host so you want to keep
> the code in the NSS module small and simple with as little performance
> overhead as possible, and no potential for slow responses.

Exactly! That's why I even hesitated to link libvirt.so in. But
unfortunately, due to uncleanliness of our code, libvirt_util requires
some symbols from other areas of the code. One day I'm gonna change
that. On the other hand, if you want the NSS module, you probably have
libvirt in the system anyway so libvirt.so is already loaded in your RAM.
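
The lookup approach discussed in this thread (parse the `*.status` lease files, open no libvirt connection), sketched as an added example that is not part of the thread or of libvirt's code. It assumes each status file is a JSON array of lease objects with `hostname`, `ip-address` and `expiry-time` keys; `lookup`, `demo` and the sample records are hypothetical.

```python
import glob, ipaddress, json, os, tempfile, time

def lookup(name, lease_dir, now=None):
    """Return sorted IPs with an unexpired lease for hostname `name`."""
    now = time.time() if now is None else now
    found = set()
    for path in sorted(glob.glob(os.path.join(lease_dir, "*.status"))):
        try:
            with open(path, encoding="utf-8") as fh:
                leases = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or corrupt file: skip it, never raise
        if not isinstance(leases, list):
            continue
        for lease in leases:
            if not isinstance(lease, dict):
                continue
            host, ip = lease.get("hostname"), lease.get("ip-address")
            expiry = lease.get("expiry-time")
            if not isinstance(host, str) or host.lower() != name.lower():
                continue
            if not isinstance(expiry, (int, float)) or expiry <= now:
                continue  # assumption: only leases with a future expiry count
            if not isinstance(ip, str):
                continue
            try:
                found.add(str(ipaddress.ip_address(ip)))  # reject non-addresses
            except ValueError:
                continue
    return sorted(found)

# Constructed lease records for the demo, not real data.
SAMPLE = [
    {"ip-address": "192.168.122.45", "hostname": "fedora", "expiry-time": 2000},
    {"ip-address": "192.168.122.46", "hostname": "fedora", "expiry-time": 500},
    {"ip-address": "not-an-ip", "hostname": "fedora", "expiry-time": 2000},
    {"ip-address": "192.168.122.50", "hostname": "debian", "expiry-time": 2000},
]

def demo():
    """Resolve against a temp dir holding one valid and one corrupt file."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "virbr0.status"), "w") as fh:
            json.dump(SAMPLE, fh)
        with open(os.path.join(d, "broken.status"), "w") as fh:
            fh.write("{ truncated")
        return lookup("fedora", d, now=1000), lookup("nosuch", d, now=1000)

if __name__ == "__main__":
    print(demo())
```

Every failure path returns "not found" rather than raising, since a resolver hook like this runs inside arbitrary host processes.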

